"Crooks 'Jackpot' ATMs in Latin America with New FiXS Malware"
In a series of attacks across Mexico, cybercriminals have been withdrawing cash on demand through the use of FiXS, an advanced ATM malware. According to a report released by researchers at Metabase Q, the attacks employ similar methods as earlier ATM malware known as Ploutus, which has attacked banks in Latin America since 2013. In 2021, a variant of the malware was identified, mainly targeting ATMs manufactured by the Brazilian vendor Itautec, and was widespread throughout Latin America. Metabase Q's Ocelot Team stated that the FiXS malware is new and is now affecting Mexican banks. FiXS malware's name derives from the type of vendor-agnostic ATM middleware that it targets called CEN XFS. According to the researchers, it is unknown how the threat actors gain access to systems to install the FiXS malware on ATMs. Once installed, FiXS enables attackers to exploit the CEN XFS set of protocols and Application Programming Interfaces (APIs). The malware user interface enables remote cybercriminals to program the ATMs to dispense cash, which is a malicious activity known as jackpotting. This article continues to discuss findings regarding the new FiXS malware.
SC Media reports "Crooks 'Jackpot' ATMs in Latin America with New FiXS Malware"